GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,615
Maven: 5,000+
npm: 5,000+
NuGet: 925
pip: 4,835
Pub: 13
RubyGems: 1,045
Rust: 1,256
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
4,049 advisories
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is...
High | Unreviewed | CVE-2026-6741 was published Apr 27, 2026

The Fan Control application V251 contains an improper privilege handling vulnerability in its...
High | Unreviewed | CVE-2025-69689 was published Apr 27, 2026

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege...
High | Unreviewed | CVE-2026-7106 was published Apr 27, 2026

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated...
High | Unreviewed | CVE-2026-41359 was published Apr 24, 2026

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1
Moderate | Unreviewed | CVE-2026-1726 was published Apr 23, 2026

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application...
High | Unreviewed | CVE-2026-3621 was published Apr 23, 2026

In order to apply a particular protection key to an address range, the kernel must update the...
Moderate | Unreviewed | CVE-2026-6386 was published Apr 22, 2026

Neko has a Self-service Privilege Escalation for Authenticated Users
High | CVE-2026-39386 was published for github.com/m1k1o/neko/server (Go) Apr 21, 2026

Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150 and...
Moderate | Unreviewed | CVE-2026-6769 was published Apr 21, 2026

Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150 and...
Moderate | Unreviewed | CVE-2026-6761 was published Apr 21, 2026

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in...
Moderate | Unreviewed | CVE-2026-6750 was published Apr 21, 2026

PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may...
Low | Unreviewed | CVE-2026-31369 was published Apr 21, 2026

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code...
Moderate | Unreviewed | CVE-2026-29647 was published Apr 20, 2026

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly...
High | Unreviewed | CVE-2026-29648 was published Apr 20, 2026

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update...
Critical | Unreviewed | CVE-2026-30269 was published Apr 20, 2026

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release...
Moderate | Unreviewed | CVE-2026-35154 was published Apr 20, 2026

OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input
Moderate | GHSA-7g8c-cfr3-vqqr was published for openclaw (npm) Apr 17, 2026

OpenClaw: Heartbeat owner downgrade missed local async exec completion events
Moderate | GHSA-g375-h3v6-4873 was published for openclaw (npm) Apr 17, 2026

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged...
Moderate | Unreviewed | CVE-2025-70795 was published Apr 17, 2026

Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to...
Moderate | Unreviewed | CVE-2026-40002 was published Apr 17, 2026

Weblate: Privilege escalation in the user API endpoint
High | CVE-2026-34393 was published for weblate (pip) Apr 16, 2026

Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an...
High | Unreviewed | CVE-2026-23772 was published Apr 16, 2026

The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of...
Critical | Unreviewed | CVE-2026-4880 was published Apr 16, 2026

Improper privilege management in Microsoft Windows allows an authorized attacker to deny service...
Moderate | Unreviewed | CVE-2026-32181 was published Apr 14, 2026

Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php
High | CVE-2026-38529 was published for krayin/laravel-crm (Composer) Apr 14, 2026